phpunit/phpunit Security Advisories (4)
-
[HIGH] PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes
PKSA-qccq-2pht-gg3w GHSA-mh6w-vxff-9wqp
Affected version: >=13.1.5,<13.1.6|>=12.5.21,<12.5.22
Reported by:
GitHub -
[HIGH] Argument injection via newline in PHP INI values forwarded to child processes
PKSA-5jz8-6tcw-pbk4 CVE-2026-41570 GHSA-qrr6-mg7r-m243
Affected version: >=12.5.21,<12.5.22|>=13.1.5,<13.1.6
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Unsafe Deserialization in PHPT Code Coverage Handling
PKSA-z3gr-8qht-p93v CVE-2026-24765 GHSA-vvj3-c3rp-c85p
Affected version: >=0,<8.5.52|>=9.0.0,<9.6.33|>=10.0.0,<10.5.62|>=11.0.0,<11.5.50|>=12.0.0,<12.5.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[CRITICAL] RCE vulnerability in phpunit
PKSA-w57n-mhp6-c9sd CVE-2017-9841 GHSA-r7c9-c69m-rph8
Affected version: >=5.0.10,<5.6.3|>=4.8.19,<4.8.28
Reported by:
GitHub, FriendsOfPHP/security-advisories